The Federal Bureau of Investigation (FBI) is urging router owners around the world to reboot their network devices as soon as possible. The announcement came after 500,000 routers used in homes and small businesses in more than 50 countries were attacked by malware.
"Foreign hackers have endangered hundreds of thousands of home and office routers and other networking devices around the world," read a public service announcement from the Internet Crime Complaint Center. The hackers use malware called VPNFilter, which can potentially retrieve user information passing through a router and is able to damage the device permanently. The malware was first discovered by the Cisco Talos security team a few days ago.
Allegedly, VPNFilter was developed by a Russian hacker. According to the US Department of Justice, the creators of the VPNFilter malware are the Sofacy Group, a network that leads directly to the Russian government. The routers that have been attacked by the malware are made by Linksys, MikroTik, Netgear, QNAP, and TP-Link. Users are advised to disable remote device settings, use encryption, perform upgrades, and change to new passwords.
"Malware VPNFilter is gradually platform, modular platform with versatile capabilities to support data collection and operations intelligence destructive cyber attack," wrote Cisco in its report.
Illustration of VPNFilter Malware that attacks the Router (Digital Trends / Cisco)
According to the Cisco illustration above, VPNFilter has three stages: a persistent first stage, and second and third stages that are non-persistent. Rebooting the device clears stages two and three, which reduces the main problem. The FBI is said to have seized the internet domain that the malware authors used to deliver stages two and three.
That way, the later stages will not survive a reboot. The Department of Justice also appealed to users of SOHO (small office/home office) routers and NAS (network-attached storage) servers that are likely to be infected to reboot their devices immediately, which temporarily removes the second-stage malware.
This can prevent hackers from learning their weaknesses. Cisco also recommends that users perform a factory reset (returning the device to its factory settings), which will eliminate all of the malware, even the first stage. Users who are still hesitant to do so can contact the router vendor.